Trepup Privacy Notice

Effective 12 May 2023

This Privacy Notice governs your access to and use of Trepup, and should be read in conjunction and together with the Terms of Service and the Policies. For the purposes of this Privacy Notice, all capitalized terms, not otherwise defined herein, shall have the meaning ascribed to them as set forth in the Terms of Service.

All references in this Privacy Notice to the singular shall include the plural (and vice versa) where applicable, and any gender form shall include all others.

Your privacy is important to Trepup. We strive to take reasonable care to protect the information we receive from you and to abide by applicable data and privacy protection laws and regulations. Trepup complies with the EU General Data Protection Regulation (GDPR), which sets guidelines for the collection and processing of personal information from individuals. We have therefore established and created this Privacy Notice to inform you about the type of personal information we collect from you, how we use it and what options you have to limit our use of the personal data related to you.

When you create your Trepup Account, we will ask for your consent to allow us to collect, store, disclose, process, deal with or transfer such personal data in the manner and for the purposes mentioned in the Policies. You may withdraw your consent at any time.

By accessing or using Trepup or by otherwise giving us your information, you will be deemed to have the capacity to enter into a legally binding contract as per the jurisdiction from which you are accessing the website. You will consequently be deemed to have read, understood, and agreed to the practices and policies outlined in this Privacy Notice and agree to be bound by its terms.

How and what types of personal data do we collect?

When you use or sign up for Trepup, you voluntarily give us certain personal data such as your name, email address and password. You can update this personal data anytime by signing in to your Trepup Account.

You may also choose to give us permission to access your personal data from other services. For example, you may link your Apple or Google account to Trepup, which allows us to obtain personal data from those accounts. The personal data we obtain from these services (for example, your contact information) often depends on your settings or their privacy policies, so be sure to check them before you link other accounts. Providing any personal data to us via a social media website is beyond our control and made at your own risk as such websites are hosted by third parties.

Whenever you use any website, mobile application or other Internet service, there is certain personal data that gets created and recorded. Similarly, when you access or use Trepup, personal data may get created or recorded.

The personal data we collect is generally "personally identifiable" (i.e., it can be used to specifically identify you as a unique person). We also collect or process "non-personally identifiable" data (i.e., it cannot be used to specifically identify you or identify you only in combination with other pieces of information).

We collect the following types of personal data:

• Log data:

  While accessing or using Trepup, our servers automatically record personal data, including personal data that your browser sends whenever you visit a website. This log data may include your IP address, browser type and settings, operating system, the referring web page, pages visited, location, search terms and cookie data.

• Behavioral information:

  We collect information about how Trepup is used, including usage statistics, traffic data, access times and locations, and browsing history.

• Financial information:

  You are required to provide your financial information such as your credit or debit card details for the purposes of debiting your account with any fees pursuant to the use of Trepup services.

• Cookie data:

  Depending on how you access Trepup, we may use "cookies" (a small text file sent by your device each time you visit the website, unique to your Trepup Account or browser) or similar technologies, such as web beacons or pixels, to record log data, analyze trends, gather demographic information, or track navigation through our website. For further details, refer to the Cookies policy.

• Device information:

  We collect information about the device on which you are using Trepup. The device information will include personal data such as type of device, operating system, device settings, unique device identifiers and crash data. This helps us make sure that our website displays and functions correctly on your device. Whether we collect some or all this device information, including personal data, often depends on what type of device you are using and its settings. For example, different types of device information and personal data are available depending on whether you are using a Mac or a personal computer. To learn more about what device information and personal data your device makes available to us, check the policies of your device manufacturer or software provider.

• Web beacons:

  We include web beacons on our website and in the emails we send. For further details, refer to the Cookies policy.

• Forward-to-friend link:

  If one of your contacts uses the forward-to-friend link in an email you send, your email content may be shared. We do not keep records of your contacts' email addresses, and do not add anyone to a distribution list because of the forward-to-friend link if a contact forwards an email to a friend. Users only see the total number of times their contacts forwarded their email and cannot access the email addresses that were used to share or receive the forwarded content.

• Other sources:

  To develop Trepup, we may search through the Internet to receive further information concerning you or your contacts, such as name, email address, location, IP addresses, demographic information, and use of social media websites.

What other types of personal data do we collect?

The other types of information that we may collect about you include the following:

• Demographic information:

  We collect information that refers to selected population characteristics, including age, gender, and location.

• Indirect information:

  Your use of certain third-party websites and applications require us to collect such information considered necessary for that purpose.

• Customer support data:

  We collect your information when you contact us through email or other means/tools available on Trepup. This includes (1) information solicited by our support staff to validate your Trepup Account and identity, (2) record of communication between you and our support staff, which may be used for monitoring and quality improvement, (3) response to a query or comment about Trepup, and (4) for the purpose of reinstatement of accounts blocked or suspended by us on any ground in accordance with the Policies.

• Data on third parties:

  We do not have any direct relationship with your contacts or other people you provide us personal data on by using Trepup. Therefore, it is your sole responsibility to obtain the explicit consent of your contacts for us to collect and process information in accordance with applicable laws and regulations. Trepup takes no responsibility and assumes no liability for any unlawful use of the website. If a contact no longer wishes to be contacted, he can directly unsubscribe from the distribution list uploaded by the user or ask the user to update or delete him from the distribution list.

How do we use the personal data we collect and on what basis?

We may use the personal data we collect to

• provide Trepup to you and protect Trepup and our users.
• send you updates about activities on Trepup, emails, promotional materials and other information that may be of interest to you. For example, depending on your notification settings, we may send you periodic updates that include topics you may like. You will always have an option to stop getting these updates or unsubscribe from getting any emails or other notifications by updating your preferences or by following the procedures we may provide.
• help your contacts find you on Trepup or allow people to search for your profile on Trepup using your username.
• respond to your questions or comments.
• send you emails, invoices and further notifications concerning billing and collecting money related to the use of Trepup services.
• send you system notifications such as version updates, warnings, or changes in the Policies.
• communicate with you in any other context, including, but not limited to, providing customer support, meeting legal requirements or enforcing compliance with the Policies.

We may also use the personal data we collect to

• operate Trepup to foster a positive user experience and to improve the product.
• provide you customized content, including suggesting accounts on Trepup that you may like to follow.
• analyze data, track trends, build algorithms and create databases for rating systems and recommendation engines.
• conduct research activities.
• conduct non-targeting activities such as frequency capping, compliance, billing, ad reporting or delivery, market research or product development purposes.
• conduct audits and quality assessment procedures for Trepup.
• analyze the use of our resources, troubleshooting problems and improving Trepup.
• investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of the Terms of Service, the Policies or as otherwise required by law or to initiate any legal proceedings against you in relation to the foregoing.
• contact you from time to time to record your feedback on Trepup.

We process personal data for the purposes specified above on the following legal bases:

• To perform the contract that we have entered into with you or to conduct precontractual measures that occur as part of your request
• To establish, exercise or defend legal claims
• To comply with legal and regulatory obligations
• For legitimate interests, including the interests set out above, for example, to understand how users interact with our services to ensure and improve the performance of our services
• Based on consent.

What options do you have about your personal data?

Our aim is to give you simple options so that you can exercise control over your personal data. If you have a Trepup Account, many of the options you have are embedded into the website or your settings. For example, you may

• change or remove personal data on your Trepup profile at any time.
• link or delink your Trepup Account from an account on another service.
• control cookies or other types of local data storage through the browser you use.
• temporarily deactivate or permanently close your Trepup Account.

You should be aware that some of the personal data that may have been shared on third-party websites may continue to be available, as we do not have control over these websites. Your personal data may also appear in online searches. Other personal data that you have shared with others, or that other users have copied, may also remain visible. You should only share personal data with people that you trust because they will be able to save it or reshare it with others, including when they sync the personal data to a device.

How do we share your personal data?

Depending on your usage of Trepup, your personal data may be visible to others. For example, when you create your Trepup profile, anyone can view it and access your personal data.

Trepup does not generally disclose your personal data to third parties. We may however share your personal data in the following limited instances:

• When you give us your consent
• To comply with a law, regulation, or legal request
• To protect the safety, rights or property of the public, any user or Trepup
• To detect, prevent or otherwise address fraud, security, or technical issues
• To third parties who are authorized by us to perform functions on our behalf, including, but not limited to, those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies, payment gateway service providers, data centers and auditors
• If Trepup were to engage in a merger, acquisition, reorganization, bankruptcy, dissolution, or similar transaction or proceeding that involves the transfer of the personal data described in this Privacy Notice.

How do we protect your personal data?

To protect your personal data in line with the applicable data and privacy protection laws and regulations, we have implemented all appropriate technical and organizational measures as required under the GDPR or other applicable law.

We use industry-leading technology to keep your personal data safe. To protect your personal data, we automatically encrypt your confidential personal data in transit from your device to Trepup using Transport Layer Security version 1.2, a security protocol designed to facilitate privacy and data security for communications over the Internet.

Once you provide us your personal data, it resides on a server that is heavily guarded both physically and electronically. Trepup servers sit behind an electronic security system and are not directly connected to the Internet, so your private personal data is available only to authorized computers.

To enhance security, we use process automation to analyze user activity for fraudulent or anomalous behavior, limit use of our website in response to signs of abuse, remove inappropriate user content or links to illegal content, and suspend or disable accounts for any security violations.

We maintain records of personal data and on processing activities for as long as required by law.

How can you protect your personal data?

We do our best to keep your personal data safe, but we cannot guarantee that your personal data will be 100% safe. We, however, request that you cooperate with us in protecting your personal data and comply with the following personal security measures:

• Do not give third parties access to your computer or other devices when you access Trepup.
• Keep your Trepup signin credentials, including passwords for your computer or other devices, confidential.
• Update your antivirus software when requested by your antivirus software provider.
• Do not send any confidential information by using Trepup.

You agree that the security measures adopted by us are reasonable to protect your personal data. We disclaim any liability because of any breach of security or unintended loss or disclosure of your personal data unless it is caused by our gross negligence or intentional misconduct.

We can only keep your personal data up to date and accurate to the extent that you provide us with the necessary information. It is your responsibility to notify us of any changes in your personal data.

Which rights do you have about your personal data?

You have the following rights regarding the processing of your personal data:

• Withdrawal of consent:

  At any time, you may give or withdraw your consent to us for collecting and processing your personal data in the manner and for the purposes mentioned in the Policies. We will ask for your consent when you create your Trepup Account and in other cases if required by law. You may withdraw or limit your consent at any time by changing your settings or by directly contacting us. However, even after you have chosen to withdraw your consent, we may be able to continue to process your personal data to the extent required or permitted by law.

  Your withdrawal of consent or deletion of your Trepup Account may result in us not being able to provide you with Trepup services or terminating any existing relationship that we may have with you.

• Objection to or restriction:

  You may object to any processing of your personal data. Once you inform us about the reason for your objection, we will review whether and to what extent we can restrict or stop the future processing of your personal data in accordance with applicable law. We will inform you if we decide to lift a restriction or objection to processing.

• Access and information:

  You are entitled to request confirmation or information about whether, where and for what purpose your personal data is being processed, and you may access your personal data. If you require, we will provide you with a copy of your personal data in a commonly used electronic format free of charge. You may reuse your personal data also for your own purposes across other services.

• Rectification:

  If you become aware that your personal data is incomplete or inaccurate, you can rectify or change it at any time. It is your responsibility to keep your personal data complete, accurate and up to date.

• Deletion:

  If you choose to close your Trepup Account or request us to delete your personal data, we will delete your personal data within a maximum period of 180 calendar days unless retention obligations or superseding retention rights apply. For example, we will retain your personal data for the exercise or defense of legal claims, to comply with legal obligations, or to perform requests of official authorities or for archiving purposes in the public interest.

• Lodging a complaint:

  You have the right to lodge a complaint in relation to our processing of your personal data with a local supervisory authority. The supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner.

We will inform you immediately if a data security incident occurs, which is likely to result in a high risk to your rights and freedoms. If Article 33 of the GDPR or other applicable law requires notification of a data protection supervisory authority, we will inform the competent authority within 72 hours about the incident.

To which countries do we transfer personal data?

We may transfer or store personal data worldwide wherever Trepup does business, including to countries outside your own and with third parties on their servers on our behalf, but always in accordance with this Privacy Notice or other applicable laws or regulations.

Transfers of your personal data outside the European territory composed of the European Economic Area, the United Kingdom and Switzerland may be made with your prior informed consent or where an adequate level of protection is ensured, or in other circumstances making the transfer necessary, such as in terms of the performance of a contract made in your interest, for important reasons of public interest or for the defense, exercise, or establishment of legal claims.

How do third parties process data on Third-Party Links?

Trepup may include hyperlinks to various external websites, and may also include advertisements and hyperlinks to applications, content, or resources ("Third-Party Links"). We have no control over such Third-Party Links present on Trepup, which are provided by users. You acknowledge and agree that we are not responsible for any collection or disclosure of your information by any external websites, applications, companies, or persons thereof. Third-Party Links on Trepup are not a recommendation, endorsement or solicitation of any material or content on such Third-Party Links, or any other material on or available via such Third-Party Links.

You further acknowledge and agree that we are not liable for any loss or damage which may be incurred by you because of the collection and/or disclosure of your information via Third-Party Links, because of any reliance placed by you on the completeness, accuracy or existence of any advertising, products, or other materials on or available via such Third-Party Links. This will include all transactions and information transmitted between you and any such third-party websites, applications, or resources. All such transactions will be strictly between you and the third-party websites, applications, or resources. We shall not be liable for any disputes arising from or in connection with such transactions between you and third parties.

Such third-party websites and external applications or resources, accessible via the Third-Party Links may have their own privacy policies governing the collection, storage, retention, and disclosure of your information that you may be subject to. We recommend that you exercise reasonable diligence, as you would in traditional offline channels and practice judgment and common sense before committing to any transaction or exchange of information, including, but not limited to, reviewing the third-party website or application's privacy policy.

How long do we keep data?

We will retain your personal information for as long as necessary for the purpose for which it was collected. We will further retain your personal data to comply with legal and regulatory obligations, for as long as claims could be brought against us and for as long as legitimate interests, including data security, require.

How do we protect children's privacy?

We do not knowingly collect personal data from users who are under 13 years old. Upon discovery of any personal data of any children, we shall purge such personal data in accordance with applicable law.